Privacy Policy

1. Privacy Policy Overview

BOP'S CONSULTANCY LIMITED is committed to protecting the privacy, confidentiality, and security of personal information entrusted to us. This Privacy Policy describes how we handle personal data collected through our corporate website (https://bops-consultancy.site/) and in the context of our consultancy engagements with clients, partners, investors, and prospective employees.

We process personal information in accordance with applicable data protection laws, including (where applicable) the UK General Data Protection Regulation (UK GDPR) and equivalent local legislation. This Privacy Policy is intended to provide you with clear and transparent information about our practices and your rights.

This policy applies to visitors to our website and to individuals who interact with us via our "Contact Us" page at /contact-us/, downloadable resources, events, and other online or offline touchpoints referenced on our site.

2. Information We Collect

The categories of personal data that we may collect and process through our website and related channels include:

2.1 Information you provide directly

Contact details: such as your name, business email address, telephone number, job title, organisation name, and country or region when you submit an enquiry via /contact-us/ or otherwise communicate with us.
Inquiry information: details about your request, including the nature of your enquiry, project or engagement details, areas of interest (for example services described on /services/ or /solutions/), and any other information you choose to include.
Professional and career information: such as your CV or résumé, professional history, education, and other data submitted in response to opportunities you may find via our corporate pages (for example, through resources linked from /resources/ or leadership insights on /leadership/).
Event and resource registrations: information provided when you register to access case studies, press materials, or other resources promoted via /cases/, /press/, or /resources/.
Feedback and testimonials: content that you voluntarily provide when offering feedback or testimonials related to our consultancy services, which may be referenced on our /testimonials/ page.

2.2 Information collected automatically

When you visit our website, we may automatically collect certain technical and usage information using cookies and similar technologies, as explained further in the Cookies and Tracking Technologies section. This may include:

Device and browser data: such as IP address, browser type and version, device type, operating system, language preferences, and screen resolution.
Usage data: such as the pages you visit, including /services/, /solutions/, /leadership/, /cases/, /press/, /resources/, and how you navigate and interact with our content.
Log information: standard log data, such as the date and time of access, referral URLs, system configuration, and performance data.

2.3 Information from third parties

We may receive limited personal information about you from third-party sources, for example:

Business partners or referrers who introduce you to our consultancy services.
Publicly available sources (such as professional networking platforms or corporate websites) to verify or enrich professional contact details in a B2B context.

Where required by law, we will notify you when we receive your personal information from a third party, together with the purposes for which we intend to use it.

3. Purposes of Data Use

We process personal information only for specified, explicit, and legitimate purposes. In particular, we use the information described above for the following purposes:

Service delivery and relationship management: to respond to your enquiries, assess your needs, provide proposals, and deliver consultancy services in accordance with our engagements. This may relate to activities described throughout our website, including on /services/, /solutions/, and related pages.
Communication: to communicate with you about your requests, projects, or potential collaborations, including sending important administrative or operational messages related to our services.
Insights, analytics, and website improvement: to monitor and analyse website usage, measure engagement with content such as case studies, testimonials, and press materials, improve functionality, and enhance the user experience across our site, including navigation to pages such as /leadership/, /testimonials/, and /cases/.
Business development and marketing: where permitted by law and your preferences, to share relevant information about our consultancy capabilities, publications, events, or resources highlighted on /resources/ or /press/.
Recruitment and talent engagement: to review applications, assess candidates, and communicate with you regarding potential roles or collaborations that align with our leadership and organisational needs.
Compliance and risk management: to comply with legal and regulatory obligations, to establish, exercise, or defend legal claims, and to maintain records required for audit, compliance, or reporting purposes.
Security and fraud prevention: to protect our website, systems, clients, and stakeholders from security threats, misuse, or fraudulent activity.

4. Lawful Basis for Processing

We rely on one or more of the following legal bases, as permitted by applicable data protection laws, to process your personal information:

Consent: where you have given clear consent for us to process your personal data for a specific purpose. For example, where you opt in to receive insights or communications about our services or resources.
Performance of a contract: where processing is necessary for the performance of a contract to which you are a party, or to take steps at your request prior to entering into a contract, such as evaluating consultancy proposals you request via /contact-us/.
Legitimate interests: where processing is necessary for our legitimate business interests, or those of a third party, and your interests and fundamental rights do not override those interests. These interests may include business development, service optimisation, IT security, and maintaining our corporate communications.
Legal obligations: where processing is necessary for us to comply with a legal or regulatory obligation, such as record-keeping, tax, accounting, or regulatory reporting requirements.

Where we rely on consent, you have the right to withdraw your consent at any time. This will not affect the lawfulness of processing based on consent before its withdrawal.

We do not sell your personal information. We may share personal data with the following categories of recipients, where necessary and in line with applicable law:

Professional advisers and partners: including specialist consultants, subject matter experts, and other professional advisers engaged to support client-facing work or to provide complementary consultancy solutions.
Service providers: trusted third parties who provide services such as website hosting, IT support, analytics, communications tools, or document management systems. These providers are contractually bound to process personal data only on our instructions and to implement appropriate security measures.
Corporate counterparties: in connection with any merger, acquisition, reorganisation, or other corporate transaction involving BOP'S CONSULTANCY LIMITED, subject to appropriate confidentiality safeguards.
Regulatory and public authorities: where we are required to disclose information by law, regulation, or legal process, or where disclosure is necessary to establish, exercise, or defend legal rights.

When we share personal information with third parties, we do so on a need-to-know basis and take steps to ensure that appropriate contractual and organisational safeguards are in place to protect your data.

6. International Transfers

As a provider of scientific, technical, and professional advisory services, we may need to transfer personal information across borders in the course of delivering services to clients, collaborating with partners, or operating our corporate infrastructure.

Where personal data originating in the UK or other jurisdictions with data transfer restrictions is transferred to countries outside those jurisdictions, we will ensure that one of the following conditions is met:

The destination country has been recognised as providing an adequate level of data protection by the relevant supervisory authority; or
We have implemented appropriate safeguards, such as standard contractual clauses or equivalent legal mechanisms, together with supplementary technical and organisational measures where necessary; or
A specific derogation applies under applicable law (for example, the transfer is necessary for the performance of a contract concluded in your interest).

You may contact us using the details in the Contact Information section for further information about international transfers and the safeguards we use.

7. Cookies and Tracking Technologies

Our website uses cookies and similar technologies to support core functionality, enhance user experience, and perform analytics. Cookies are small text files that are stored on your device when you visit our site.

7.1 Types of cookies we may use

Strictly necessary cookies: required for the website to function properly, such as enabling page navigation and access to secure areas.
Performance and analytics cookies: used to understand how visitors interact with our pages (for example, which of /services/, /solutions/, /cases/, or /press/ are most frequently visited) and to help us improve our content and site performance.
Functionality cookies: used to remember your preferences and choices (such as language settings) to provide a more personalised experience.

7.2 Managing your cookie preferences

Depending on your location and applicable law, you may be presented with a cookie consent banner or settings tool when you first visit our website. You can use this interface to manage certain cookie preferences.

In addition, most web browsers allow you to control cookies through their settings, including blocking or deleting cookies. Please note that disabling certain cookies may affect the functionality or performance of our website.

For more details about how we use cookies and related technologies, and how you can manage your choices, you may contact us using the details in the Contact Information section.

8. Data Security Measures

We take the security of personal information seriously and implement technical and organisational measures designed to protect data against unauthorised access, disclosure, alteration, or destruction.

These measures may include, as appropriate:

Use of secure servers, encryption in transit where appropriate, and access controls.
Role-based access permissions and authentication measures, ensuring that only authorised personnel and trusted service providers can access personal data on a need-to-know basis.
Operational policies, procedures, and awareness activities to promote responsible handling of personal information by our team.
Ongoing monitoring and review of our security posture and service provider arrangements.

While we strive to use commercially reasonable means to protect personal information, no method of transmission over the internet or method of electronic storage is completely secure. Accordingly, we cannot guarantee absolute security, but we are committed to responding promptly and transparently to any identified issues.

9. Retention of Personal Information

We retain personal information only for as long as necessary to fulfil the purposes for which it was collected, including for the purposes of satisfying any legal, regulatory, accounting, or reporting requirements.

When determining the appropriate retention period, we consider the:

Nature and sensitivity of the personal data;
The purposes for which we process the data and whether we can achieve those purposes through other means;
Potential risk of harm from unauthorised use or disclosure; and
Applicable legal, regulatory, tax, and professional obligations.

Once personal information is no longer required, we will delete it or anonymise it in a manner consistent with applicable laws and our internal policies.

10. Your Rights

Depending on your location and applicable data protection laws, you may have some or all of the following rights in relation to the personal information we hold about you:

Right of access: to obtain confirmation as to whether we process your personal data and to request a copy of that data.
Right to rectification: to request that inaccurate or incomplete personal data be corrected or updated.
Right to erasure: to request the deletion of your personal data in certain circumstances, for example, where it is no longer necessary for the purposes for which it was collected.
Right to restriction of processing: to request that we limit the processing of your personal data in certain situations.
Right to data portability: to receive your personal data in a structured, commonly used, and machine-readable format and to request that we transmit that data to another organisation, where technically feasible.
Right to object: to object to the processing of your personal data where we rely on legitimate interests, and to object at any time to the processing of your data for direct marketing purposes.
Right to withdraw consent: where we rely on your consent for processing, to withdraw that consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.
Right to lodge a complaint: to lodge a complaint with a competent data protection authority if you consider that our processing of your personal data infringes applicable law.

To exercise any of these rights, please contact us using the details set out in the Contact Information section. We may need to verify your identity before responding to your request. Where permitted by law, we may charge a reasonable fee for manifestly unfounded or excessive requests.

11. Children's Privacy

Our website and consultancy services are not directed at children, and we do not knowingly collect personal information from individuals under the age of 18. If you are a parent or guardian and believe that your child has provided personal information to us, please contact us using the details provided in the Contact Information section.

If we become aware that we have inadvertently collected personal data from a child, we will take reasonable steps to delete such information as soon as practicable, except where we are required to retain it for legal or regulatory reasons.

12. Contact Information

If you have any questions about this Privacy Policy, our data protection practices, or if you wish to exercise your data protection rights, you can contact BOP'S CONSULTANCY LIMITED using the following details:

Data Protection Enquiries
BOP'S CONSULTANCY LIMITED
Website: https://bops-consultancy.site/
Contact form: /contact-us/

When contacting us, please provide sufficient information to enable us to identify you and understand the nature of your request. We will endeavour to respond in a timely and appropriate manner in accordance with applicable legal requirements.

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Any material changes will be posted on this page with an updated "Last updated" date. We encourage you to review this page periodically to stay informed about how we protect your information.